On 10/09/2012 09:51 AM, Robin Elfrink wrote: > $tmp_path = tempnam($temp_dir, 'rcmAttmnt');
I suppose changing this to $tmp_path = tempnam($temp_dir, 'rcmAttmnt' . $RCMAIL->user->ID); should at least fix security part of this issue. -- Aleksander 'A.L.E.C' Machniak LAN Management System Developer [http://lms.org.pl] Roundcube Webmail Developer [http://roundcube.net] --------------------------------------------------- PGP: 19359DC1 @@ GG: 2275252 @@ WWW: http://alec.pl _______________________________________________ Roundcube Development discussion mailing list [email protected] http://lists.roundcube.net/mailman/listinfo/dev
